The U.S. National Security Agency and its British equivalent, the Government Communications Headquarters, have both been launching attacks against security software in order to track individuals and break into networks, a report said on Monday.
One of the primary targets has been Russia's Kaspersky Lab, according to documents leaked by ex-NSA contractor Edward Snowden, obtained by The Intercept. The agencies have been reverse-engineering Kaspersky software to discover potential exploits, the documents show, and the NSA in particular has allegedly taken things a step further by intercepting data sent from Kaspersky apps to the company's servers. Much of that app data is reportedly unencrypted, although Kaspersky told The Intercept that it was unable to reproduce similar findings in testing.
One specific piece of evidence for reverse engineering is a GCHQ warrant renewal request from 2008, asking for the legal sanction to deconstruct apps from Kaspersky and others because they "pose a challenge to GCHQ's CNE [Computer Network Exploitation] capability and SRE [Software Reverse Engineering] is essential in order to be able to exploit such software and to prevent detection of our activities." The agency also indicated that SRE was being used to judge the suitability of anti-virus programs for use by separate government organizations.
The NSA tracking program reportedly involves monitoring HTTP requests, which contain unique identifiers showing that a customer has Kaspersky software. This in turn allows the NSA to track someone and judge whether their computer is vulnerable to an attack. In a statement to The Intercept, however, Kaspersky insisted transmitted data is depersonalized and that it uses encryption.
Another NSA method involves scanning the email traffic of foreign anti-virus companies in order to pick up hints of new exploits and malware. In the case of malware, the agency has a group that can repurpose it to launch an attack against a desired target.
An internal 2010 presentation on the monitoring program, known as "Project CAMBERDADA," mentions 23 foreign anti-virus firms apart from Kaspersky, such as Avast, F-Secure, and Check Point. Major American and British companies, such as McAfee, Symantec and Sophos, are excluded.
Earlier this year Kaspersky was hit with a major intrusion. The company indicated that the group behind the attack may be connected to other incidents involving negotiations over Iran's nuclear program, as well as the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camp during World War II.
24 Comments
Heaven forbid that PCs running old versions of Microsoft Windows operating systems should be phased out, or prevented from accessing the Internet! What would the spies, spooks, hackers, malware writers, spammers, security software companies and IT technicians do for a living?
Just remember not to question what your government has told you to think: security and privacy are bad, and Edward Snowden is evil!
And these are the people looking after our interests... they act like the enemy of the people... totally lawless.
> Heaven forbid that PCs running old versions of Microsoft Windows operating systems should be phased out, or prevented from accessing the Internet!
If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running.
http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign
Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked.
So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.
> If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running.
> http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign
> Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked.
> So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.
So you link to an article from an anti-virus company, Kaspersky, to support your beliefs? Are you actually running anti-virus software on your Mac? Do you realize that every piece of software that you install becomes yet another attack vector? OS X doesn't need anti-virus software beyond what Apple is doing, when the computer is used with presence of mind, and common sense. Know your computer, don't blindly trust a third-party company to be looking out for your best interests.